Penetration Testing mailing list archives

Re: Discovering Live Hosts


From: "rajat swarup" <rajats () gmail com>
Date: Tue, 7 Aug 2007 23:10:27 -0400

On 8/7/07, Nikhil Wagholikar <visitnikhil () gmail com> wrote:


> Can anyone kindly guide me, as to how to find live IP Addresses from a
> given Pool of IP Addresses (Range of IP Addresses) with as few false
> positive results as possible and as quickly as possible? Is there any
> tool out (no matter shareware or freeware), which focuses on finding
> live IP Addresses from Pool of IP Addresses?

Hi Nikhil,
I would choose some 40-50 odd most commonly used ports and perform a
SYN Stealth scan only on those ports -sS -P0 (e.g.,
21,22,23,25,53,80,443,3389,9000 etc).
I'd also do a ping scan.
Now there are 4 possibilities:
1. A host responds to ping
2. A host responds with open port
3. A host responds with a closed port
4. A host resolved DNS name
In each of the four cases you come to know the host is alive.

HTH,
Rajat.
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/
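
[Added example, not part of the original message: one way to merge the two scans described above into a single live-host list, covering the three probe-based cases (ping reply, open port, closed port). It assumes both scans were saved in nmap's grepable (-oG) format; the sample lines are constructed, and the name live_hosts is hypothetical.]

```python
import re
from collections import defaultdict

# Constructed sample data in nmap grepable (-oG) style; addresses are from
# the documentation range 192.0.2.0/24, not real scan results.
PING_SCAN = """\
Host: 192.0.2.10 (www.example.test)\tStatus: Up
Host: 192.0.2.11 ()\tStatus: Down
"""
SYN_SCAN = """\
Host: 192.0.2.10 (www.example.test)\tStatus: Up
Host: 192.0.2.10 (www.example.test)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/closed/tcp//ssh///, 80/filtered/tcp//http///
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(Status|Ports): (.*)$")

def live_hosts(ping_out, syn_out):
    """Map each live IP to the set of reasons it counts as alive."""
    evidence = defaultdict(set)
    for source, text in (("ping", ping_out), ("syn", syn_out)):
        for line in text.splitlines():
            m = HOST_RE.match(line)
            if not m:
                continue
            ip, _name, kind, rest = m.groups()
            # "Status: Up" is only evidence in the ping scan: with -P0 every
            # target is reported Up without having been probed for liveness.
            if kind == "Status":
                if source == "ping" and rest.strip() == "Up":
                    evidence[ip].add("ping")
                continue
            # Ports field ends at the next tab (e.g. before "Ignored State").
            for entry in rest.split("\t")[0].split(","):
                fields = entry.strip().split("/")
                # open = SYN/ACK came back, closed = RST came back; either
                # way something answered. "filtered" means no answer at all.
                if len(fields) > 1 and fields[1] in ("open", "closed"):
                    evidence[ip].add(fields[1] + "-port")
    return dict(evidence)
```

[Hosts whose ports are all "filtered" are left out, because the "Up" status that -P0 gives them is not a response from the host.]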
